Too often, CIOs left wishing for funding for innovation, modernization

Jason Miller, Executive Editor, Federal News Radio

Federal chief information officers have gotten used to the new normal when it
comes to lower or at least flat IT budgets, but they still struggle on how best to
move money from legacy systems to new or innovative programs.

The budget certainty provided by Congress under the Budget Control Act means
senior technology managers are less worried about having money to spend and more
concerned about how to change their spending habits.

TechAmerica and Grant Thornton surveyed 59 federal CIOs and other senior technology managers
from 32 federal and legislative organizations and found CIOs are spending 73
percent of their budgets on operations and maintenance (O&M) of legacy IT systems.

George DelPrete, a principal with Grant Thornton and the chairman of the
TechAmerica CIO Survey, said CIOs reported a drop in O&M spending by more than 10
percent as compared to the 2013 survey. He said
respondents attributed that, in part, to the Office of Management and Budget's
PortfolioStat process.

"There is a silver lining in the fact that the budget has been flat over the last
couple of years. Many CIOs are saying that that's really driven them to find
smarter ways of doing things and really put an enterprise approach into
contracting for things like cell phones," DelPrete said. "There's been some very
good savings that
they've achieved because of the budget challenges and austerity they've had."

DelPrete said the fact that budget dropped from the top challenge for federal CIOs
to number three is recognition of these efforts.

Securing devices, applications a challenge

Cybersecurity moved back up to the top of most CIOs' list of concerns and
priorities after a brief respite at number two last year.

Of the respondents, 53 percent said threats increased by 25 percent to
50 percent over the previous year, while cybersecurity spending accounted for
about 15 percent of all IT money.

DelPrete said concerns over cybersecurity came out through different aspects of
the survey. Under mobility, CIOs said they still haven't figured out whether to
lock down the device or the data.

Under cloud, senior IT managers praised the
Federal Risk Authorization and Management Program (FedRAMP). Sixty percent said
they
have taken advantage of the standardized cloud security services, but there are
ways to improve it. Some of the suggestions include improving the transparency,
pricing and service offerings, as well as increasing the number of vendors who
have received approval.

Finally, CIO support for the continuous diagnostic and mitigation is strong, but
some said the National Institute of Standards and Technology's cyber guidance
needs
to stop being so academic.

One of the biggest surprises from the survey came from those who said CIOs do not
need legislative help to do their job. Of the respondents, 27 percent said new
legislation is not needed. Of those that said Congress needs to act, 18 percent
said acquisition was in most need of reform.

Other CIOs said Congress needs to
overhaul the Federal Information Security Management Act (FISMA), which has been
on the agenda for the last four years but gotten little traction on Capitol Hill.

DelPrete said 75 percent of the respondents said they control less than half of
their IT budget, but many said they have better insight into where and who is
spending the IT funds.

"There's been a big push from OMB through PortfolioStat to create more executive
level investment review boards to really have a good dialogue about IT spending
and how it's working," he said. "It seems like it's paid some dividends in this
area. Even though they don't own all this money, they do have a say in how it's
being spent, and they look to make some changes."

Along those same lines, 89 percent of the CIOs said they are using
shared services. TechAmerica and Grant Thornton used a broad definition of
shared services to mean anything from agencywide or governmentwide contracts to
back-office functions, such as human resources or financial management to other
commonly used systems or services.

"There are a number of lessons learned CIOs shared with us. One is making sure
your requirements are clear; making sure that you know where you are going can
meet your needs, the organization has the capacity to provide the capability you
need; that you do a rigorous cost analysis to make sure you are achieving that
return on investment, and most important, that you have a clear business case to
justify why you are making that move," DelPrete said.